﻿using System;
using System.Collections.Generic;
using System.Data;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Security.Cryptography;

using edowork.com.SQL2005;
using edowork.com.Model;

namespace WebInvoicingsys
{
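    /// <summary>
    /// Login page code-behind: validates the submitted account/password against the
    /// <c>sysuser</c> table and, on success, seeds the session and redirects to the main page.
    /// </summary>
    public partial class _default : System.Web.UI.Page
    {
        /// <summary>
        /// Looks up a user row whose account and (hashed) password match the supplied credentials.
        /// </summary>
        /// <param name="useraccount">Login name entered by the user (untrusted input).</param>
        /// <param name="password">Clear-text password entered by the user (untrusted input).</param>
        /// <param name="userid">Receives the <c>userid</c> column of the matched row; cleared on failure.</param>
        /// <param name="username">Receives the <c>username</c> column of the matched row; cleared on failure.</param>
        /// <param name="departmentid">Receives the <c>departmentid</c> column of the matched row; cleared on failure.</param>
        /// <returns><c>true</c> only when exactly one row matches both account and password.</returns>
        private bool checklogin(string useraccount, string password, ref string userid, ref string username, ref string departmentid)
        {
            // Reset every out-style parameter so a failed login never leaves stale values behind
            // (the original cleared only userid/username, leaving departmentid untouched).
            userid = "";
            username = "";
            departmentid = "";

            if (String.IsNullOrEmpty(useraccount) || String.IsNullOrEmpty(password))
            {
                return false;
            }

            Execute exec = new Execute(System.Configuration.ConfigurationManager.ConnectionStrings["SqlServer"].ToString());

            string error_msg = "";

            // NOTE(review): SysID.md532 looks like an unsalted MD5 digest — confirm. A salted,
            // iterated KDF (e.g. Rfc2898DeriveBytes.Pbkdf2) would be preferable, but switching
            // requires re-hashing the stored passwords, so the existing scheme is kept here.
            string hashedPassword = SysID.md532(password);

            // The query is still assembled as text because Execute.ExecSQLQueryDataSet only takes a
            // SQL string here; both values are interpolated as T-SQL string literals, so single quotes
            // are doubled to keep untrusted input inside the literal. Replace with a parameterized
            // command as soon as the data-access layer exposes one.
            string sql = String.Format(
                @"select * from sysuser where sysaccount='{0}' and syspassword='{1}'",
                EscapeSqlLiteral(useraccount),
                EscapeSqlLiteral(hashedPassword));

            DataSet ds = exec.ExecSQLQueryDataSet(sql, ref error_msg);

            // Exactly one matching row is required; zero rows means bad credentials and more than
            // one means an ambiguous account, which is treated as a failed login as well.
            if (ds == null || ds.Tables.Count <= 0 || ds.Tables[0].Rows.Count != 1)
            {
                return false;
            }

            DataRow row = ds.Tables[0].Rows[0];
            userid = row["userid"].ToString();
            username = row["username"].ToString();
            departmentid = row["departmentid"].ToString();

            return true;
        }

        /// <summary>
        /// Doubles single quotes so <paramref name="value"/> can be embedded in a T-SQL string literal.
        /// </summary>
        /// <param name="value">Raw text; <c>null</c> is treated as an empty string.</param>
        /// <returns>The escaped text.</returns>
        private static string EscapeSqlLiteral(string value)
        {
            return (value ?? "").Replace("'", "''");
        }

        /// <summary>Page lifecycle hook; nothing is initialized on first load at present.</summary>
        protected void Page_Load(object sender, EventArgs e)
        {
            // Check whether this is the first (non-postback) load.
            if (!IsPostBack)
            {
                // Intentionally empty: no first-load initialization is needed.
            }
        }

        /// <summary>
        /// Handles the login button: validates the form, authenticates the user, populates the
        /// session and redirects to the main page. Returns silently on any validation/auth failure.
        /// </summary>
        protected void btLogin_Click(object sender, EventArgs e)
        {
            string keeponline = ckbkeeponline.Checked ? "1" : "0";

            string useraccount = txtusername.Value.ToString().Trim();
            string password = txtpassword.Value.ToString().Trim();

            string userid = "", username = "", departmentid = "";

            if (String.IsNullOrEmpty(useraccount))
            {
                txtusername.Focus();
                return;
            }

            if (String.IsNullOrEmpty(password))
            {
                txtpassword.Focus();
                return;
            }

            // Drop any state from a previous (possibly different) user before authenticating.
            // NOTE(review): Session.Clear() keeps the same session ID across the login boundary;
            // regenerating the ID after a successful login (via SessionIDManager) would close the
            // session-fixation window — confirm whether the hosting configuration already does this.
            Session.Clear();

            // Verify that the credentials identify exactly one valid user.
            if (!checklogin(useraccount, password, ref userid, ref username, ref departmentid))
            {
                return;
            }

            Session.Add("userid", userid);
            Session.Add("username", username);
            Session.Add("departmentid", departmentid);

            Session.Add("keeponline", keeponline);
            Session.Add("login", "1");
            Session.Add("connectionString", System.Configuration.ConfigurationManager.ConnectionStrings["SqlServer"].ToString());
            Session.Add("Init", System.Configuration.ConfigurationManager.AppSettings["Init"].ToString());

            Response.Redirect("/system/main.aspx");
        }
    }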
}